The data was made private on November 28, two weeks after it was first indexed by Shodan, although it’s unknown how long it had been exposed before that. It could have been obtained by hackers, or theoretically the owner of the Elasticsearch instances could have been extorted.

HackenProof also warned that in cases like this, full access could have allowed for remote code execution on the system.

“While the source of the leak was not immediately identifiable, the structure of the field ‘source’ in data fields is similar to those used by a data management company Data & Leads Inc,” said HackenProof.

Adding to the mystery, that company’s website is now offline and the researchers have not been able to establish contact with any representatives.

“Over-privileged identities are one of the biggest threats facing enterprises with complex, multi-cloud environments, and we will continue to see database leaks like this one until companies get better at assessing and managing unused, high-risk privileges,” he added.

“This latest data breach should serve as a wake-up call to IT security operations teams. Poorly secured, internet-facing infrastructure will be discovered and exploited. The developing threat landscape reinforces the notion that all organisations have targets firmly on their backs at all times and threat actors will continue to innovate attack methods to secure valuable data and possibly leverage that data for more nefarious purposes.”

Cofense director of sales engineering, David Mount, argued that those affected may have been exposed to phishing campaigns.

“It’s extremely important for end-users to stay vigilant when monitoring email inboxes for any messages that may seem unexpected, strange or suspicious and report them immediately for further analysis,” he added.

“Remember that mitigating risk doesn’t end with addressing the vulnerable server. As important as security software and firewalls are, technology alone is not enough to stop active phishing attacks.”